Apple addresses two flaws in DSS

Two flaws in Apple's Darwin Streaming Server have been fixed. Both flaws, if compromised, could allow arbitrary code execution, making them particularly dangerous. Of course, to be vulnerable at all a machine would have to be using DSS to serve content. However, they can be exploited remotely – local access to the server isn't required. With DSS 5.5.5, both of the holes are plugged, and Apple hasn't revealed any information on whether or not these were successfully exploited in the wild. Darwin Streaming Server is an open-source branch of QuickTime Streaming server, though it isn't clear if the flaws are as a result of common code or are independent to DSS.